mario_grgic writes: And so it begins, Apple will require that all Mac apps submitted to the Mac App store stick to strict sandboxing requirements. This means you must ask Apple for read or read/write entitlements for additional folders outside your Application Support folder before your app is approved. There are also restrictions on direct hardware access, communication to processes your app did not start, or even something simple as taking a screenshot.

All that is needed after this to turn your Mac into an appliance is to only allow app installations from App Store.